Cyber Resilience

CVE-2022-40799

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 29 November 2022

Published
29 November 2022
Modified
03 November 2025
KEV Added
05 August 2025
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.5700 98.2th percentile
Risk Priority 72 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-40799 is a high-severity Download of Code Without Integrity Check (CWE-494) vulnerability in Dlink Dnr-322L Firmware. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 1.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-7 (Software, Firmware, and Information Integrity).

Deeper analysis

CVE-2022-40799 is a data integrity failure (CWE-494) in the Backup Config functionality of the D-Link DNR-322L network video recorder running firmware versions up to and including 2.60B15. The flaw stems from insufficient validation of configuration data, enabling an attacker to supply crafted input that the device processes without integrity checks.

An authenticated attacker with network access can exploit the issue to execute arbitrary operating-system commands on the device. The CVSS 8.8 vector reflects low attack complexity, no user interaction, and full compromise of confidentiality, integrity, and availability once the attacker is logged in.

Public references include a detailed proof-of-concept repository and listing in CISA’s Known Exploited Vulnerabilities catalog, indicating confirmed in-the-wild use. The associated EPSS score has remained steady at 0.57, reflecting sustained exploitation interest since disclosure. No vendor patch or firmware update is referenced in the available advisories; organizations are therefore advised to isolate or replace affected units.

EU & UK References

Vulnerability details

Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device.

CWE(s)
KEV Date Added
05 August 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dlink
dnr-322l firmware
≤ 2.60b15

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires cryptographic or other integrity verification of configuration information before it is processed, blocking the malicious backup archive that triggers OS command execution.

prevent

Mandates validation of all input (including uploaded configuration archives) for correctness and safety, preventing acceptance of malformed or malicious backup files.

prevent

Enforces access restrictions and review/approval steps for configuration changes, limiting the ability of an authenticated user to load an untrusted backup config.

References